search

cds-snc / cloud-based-sensor

Infrastructure configuration to manage CCCS's Cloud Based Sensor in AWS accounts
https://cyber.gc.ca/en/host-based-sensors
MIT License
0 stars 0 forks source link

fix: add target_prefix to satellite bucket access logs #304

Closed patheard closed 9 months ago

patheard commented 9 months ago

Summary

Update the logging configuration on the satellite bucket to include a target_prefix for the access logs.

This was previously an optional parameter for the API that is now required: https://docs.aws.amazon.com/AmazonS3/latest/API/API_LoggingEnabled.html#AmazonS3-Type-LoggingEnabled-TargetPrefix

github-actions[bot] commented 9 months ago

307395567143: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-307395567143" tags = { "CostCentre" = "cbs-307395567143" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

957818836222: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-957818836222" tags = { "CostCentre" = "cbs-957818836222" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

762579868088: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-762579868088" tags = { "CostCentre" = "cbs-762579868088" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

975050085632: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 6 to add, 0 to change, 1 to destroy
Show summary | CHANGE | NAME | |----------|------------------------------------------------------------------| | add | `aws_iam_policy.s3_replicate` | | | `aws_iam_role_policy_attachment.s3_replicate` | | | `aws_s3_bucket_ownership_controls.satellite_bucket` | | | `aws_s3_bucket_policy.satellite_bucket` | | | `module.satellite_bucket.aws_s3_bucket_public_access_block.this` | | recreate | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: + create -/+ destroy and then create replacement <= read (data resources) Terraform will perform the following actions: # data.aws_iam_policy_document.cloudtrail_write_logs will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "cloudtrail_write_logs" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "s3:GetBucketAcl", ] + effect = "Allow" + resources = [ + (known after apply), ] + sid = "CloudTrailGetAcl" + principals { + identifiers = [ + "cloudtrail.amazonaws.com", ] + type = "Service" } } + statement { + actions = [ + "s3:PutObject", ] + effect = "Allow" + resources = [ + (known after apply), ] + sid = "CloudTrailPutObject" + condition { + test = "StringEquals" + values = [ + "arn:aws:cloudtrail:ca-central-1:975050085632:trail/CbsSatelliteTrail", ] + variable = "aws:SourceArn" } + condition { + test = "StringEquals" + values = [ + "bucket-owner-full-control", ] + variable = "s3:x-amz-acl" } + principals { + identifiers = [ + "cloudtrail.amazonaws.com", ] + type = "Service" } } } # data.aws_iam_policy_document.combined will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "combined" { + id = (known after apply) + json = (known after apply) + source_policy_documents = [ + (known after apply), + (known after apply), + (known after apply), + (known after apply), ] } # data.aws_iam_policy_document.deny_insecure_transport will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "deny_insecure_transport" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "s3:*", ] + effect = "Deny" + resources = [ + (known after apply), + (known after apply), ] + sid = "denyInsecureTransport" + condition { + test = "Bool" + values = [ + "false", ] + variable = "aws:SecureTransport" } + principals { + identifiers = [ + "*", ] + type = "*" } } } # data.aws_iam_policy_document.load_balancer_write_logs will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "load_balancer_write_logs" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "s3:PutObject", ] + effect = "Allow" + resources = [ + (known after apply), ] + sid = "ELBLogDeliveryPutObject" + principals { + identifiers = [ + "arn:aws:iam::985666609251:root", ] + type = "AWS" } } } # data.aws_iam_policy_document.log_delivery_write_logs will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "log_delivery_write_logs" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "s3:GetBucketAcl", ] + effect = "Allow" + resources = [ + (known after apply), ] + sid = "LogDeliveryGetAcl" + condition { + test = "ArnLike" + values = [ + "arn:aws:logs:ca-central-1:975050085632:*", ] + variable = "aws:SourceArn" } + condition { + test = "StringEquals" + values = [ + "975050085632", ] + variable = "aws:SourceAccount" } + principals { + identifiers = [ + "delivery.logs.amazonaws.com", ] + type = "Service" } } + statement { + actions = [ + "s3:PutObject", ] + effect = "Allow" + resources = [ + (known after apply), ] + sid = "LogDeliveryPutObject" + condition { + test = "ArnLike" + values = [ + "arn:aws:logs:ca-central-1:975050085632:*", ] + variable = "aws:SourceArn" } + condition { + test = "StringEquals" + values = [ + "975050085632", ] + variable = "aws:SourceAccount" } + condition { + test = "StringEquals" + values = [ + "bucket-owner-full-control", ] + variable = "s3:x-amz-acl" } + principals { + identifiers = [ + "delivery.logs.amazonaws.com", ] + type = "Service" } } } # data.aws_iam_policy_document.s3_replicate will be read during apply # (config refers to values not yet known) <= data "aws_iam_policy_document" "s3_replicate" { + id = (known after apply) + json = (known after apply) + statement { + actions = [ + "s3:GetReplicationConfiguration", + "s3:ListBucket", ] + effect = "Allow" + resources = [ + (known after apply), ] } + statement { + actions = [ + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", ] + effect = "Allow" + resources = [ + (known after apply), ] } + statement { + actions = [ + "s3:ObjectOwnerOverrideToBucketOwner", + "s3:ReplicateDelete", + "s3:ReplicateObject", ] + effect = "Allow" + resources = [ + "arn:aws:s3:::cbs-log-archive-871282759583/*", ] } } # aws_iam_policy.s3_replicate will be created + resource "aws_iam_policy" "s3_replicate" { + arn = (known after apply) + id = (known after apply) + name = "CbsSatelliteReplicateToLogArchive" + name_prefix = (known after apply) + path = "/" + policy = (known after apply) + policy_id = (known after apply) + tags_all = (known after apply) } # aws_iam_role_policy_attachment.s3_replicate will be created + resource "aws_iam_role_policy_attachment" "s3_replicate" { + id = (known after apply) + policy_arn = (known after apply) + role = "CbsSatelliteReplicateToLogArchive" } # aws_s3_bucket_ownership_controls.satellite_bucket will be created + resource "aws_s3_bucket_ownership_controls" "satellite_bucket" { + bucket = (known after apply) + id = (known after apply) + rule { + object_ownership = "ObjectWriter" } } # aws_s3_bucket_policy.satellite_bucket will be created + resource "aws_s3_bucket_policy" "satellite_bucket" { + bucket = (known after apply) + id = (known after apply) + policy = (known after apply) } # module.satellite_bucket.aws_s3_bucket.this is tainted, so must be replaced -/+ resource "aws_s3_bucket" "this" { + acceleration_status = (known after apply) ~ arn = "arn:aws:s3:::cbs-satellite-975050085632" -> (known after apply) ~ bucket_domain_name = "cbs-satellite-975050085632.s3.amazonaws.com" -> (known after apply) + bucket_prefix = (known after apply) ~ bucket_regional_domain_name = "cbs-satellite-975050085632.s3.ca-central-1.amazonaws.com" -> (known after apply) ~ hosted_zone_id = "Z1QDHH18159H29" -> (known after apply) ~ id = "cbs-satellite-975050085632" -> (known after apply) ~ object_lock_enabled = false -> (known after apply) + policy = (known after apply) ~ region = "ca-central-1" -> (known after apply) ~ request_payer = "BucketOwner" -> (known after apply) ~ tags = { + "CostCentre" = "cbs-975050085632" + "Critical" = "false" + "Terraform" = "true" } ~ tags_all = { + "CostCentre" = "cbs-975050085632" + "Critical" = "false" + "Terraform" = "true" } + website_domain = (known after apply) + website_endpoint = (known after apply) # (3 unchanged attributes hidden) + cors_rule { + allowed_headers = (known after apply) + allowed_methods = (known after apply) + allowed_origins = (known after apply) + expose_headers = (known after apply) + max_age_seconds = (known after apply) } - grant { - id = "1a00a64d7832486410132787ffa61c9aa8189359d6a0b21f90c7e82b264daf3d" -> null - permissions = [ - "FULL_CONTROL", ] -> null - type = "CanonicalUser" -> null } + grant { + id = (known after apply) + permissions = (known after apply) + type = (known after apply) + uri = (known after apply) } + lifecycle_rule { + enabled = true + id = "delete-old-objects" + expiration { + days = 14 } } + logging { + target_bucket = "cbs-satellite-975050085632-access" + target_prefix = "logs/" } + object_lock_configuration { + object_lock_enabled = (known after apply) + rule { + default_retention { + days = (known after apply) + mode = (known after apply) + years = (known after apply) } } } + replication_configuration { + role = "arn:aws:iam::975050085632:role/CbsSatelliteReplicateToLogArchive" + rules { + id = "cbs-log-archive" + priority = 100 + status = "Enabled" + destination { + account_id = "871282759583" + bucket = "arn:aws:s3:::cbs-log-archive-871282759583" + replica_kms_key_id = "arn:aws:kms:ca-central-1:871282759583:key/c4591f87-9445-4840-acb6-a5569e703c93" + access_control_translation { + owner = "Destination" } } + filter {} + source_selection_criteria { + sse_kms_encrypted_objects { + enabled = true } } } } ~ server_side_encryption_configuration { ~ rule { # (1 unchanged attribute hidden) ~ apply_server_side_encryption_by_default { # (1 unchanged attribute hidden) } } } + website { + error_document = (known after apply) + index_document = (known after apply) + redirect_all_requests_to = (known after apply) + routing_rules = (known after apply) } # (1 unchanged block hidden) } # module.satellite_bucket.aws_s3_bucket_public_access_block.this will be created + resource "aws_s3_bucket_public_access_block" "this" { + block_public_acls = true + block_public_policy = true + bucket = (known after apply) + id = (known after apply) + ignore_public_acls = true + restrict_public_buckets = true } Plan: 6 to add, 0 to change, 1 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

729164266357: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-729164266357" tags = { "CostCentre" = "cbs-729164266357" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

687401027353: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-687401027353" tags = { "CostCentre" = "cbs-687401027353" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

637287734259: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-637287734259" tags = { "CostCentre" = "cbs-637287734259" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

794722365809: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-794722365809" tags = { "CostCentre" = "cbs-794722365809" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

127893201980: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-127893201980" tags = { "CostCentre" = "cbs-127893201980" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

521732289257: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-521732289257" tags = { "CostCentre" = "cbs-521732289257" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

239043911459: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-239043911459" tags = { "CostCentre" = "cbs-239043911459" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

414662622316: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-414662622316" tags = { "CostCentre" = "cbs-414662622316" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

866996500832: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-866996500832" tags = { "CostCentre" = "cbs-866996500832" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

723936812785: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-723936812785" tags = { "CostCentre" = "cbs-723936812785" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

800095993820: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-800095993820" tags = { "CostCentre" = "cbs-800095993820" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

283582579564: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-283582579564" tags = { "CostCentre" = "cbs-283582579564" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

066023111852: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-066023111852" tags = { "CostCentre" = "cbs-066023111852" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

296255494825: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-296255494825" tags = { "CostCentre" = "cbs-296255494825" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

806545929748: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-806545929748" tags = { "CostCentre" = "cbs-806545929748" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

796730610681: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-796730610681" tags = { "CostCentre" = "cbs-796730610681" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 9 months ago

472286471787: Satellite bucket

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|----------------------------------------------| | update | `module.satellite_bucket.aws_s3_bucket.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.satellite_bucket.aws_s3_bucket.this will be updated in-place ~ resource "aws_s3_bucket" "this" { id = "cbs-satellite-472286471787" tags = { "CostCentre" = "cbs-472286471787" "Critical" = "false" "Terraform" = "true" } # (12 unchanged attributes hidden) ~ logging { + target_prefix = "logs/" # (1 unchanged attribute hidden) } # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Warning: Argument is deprecated with module.satellite_access_bucket.aws_s3_bucket.this, on .terraform/modules/satellite_access_bucket/S3_log_bucket/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 9 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.s3_replicate"] 20 tests, 19 passed, 1 warning, 0 failures, 0 exceptions ```